Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with ValidTests

Geo-IP filtering at the firewallis a well-established method of blocking traffic from regions that the organization does not do business with or has no legitimate presence in.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls):

“Firewalls can be configured to block traffic based on geolocation or IP ranges to reduce exposure to known hostile regions.”

Firewalls are thefirst line of defensein the network perimeter; adjusting SIEM rules doesn’t actively block access.

????WGU Course Alignment:

Domain:Network Security

Topic:Implement firewall filtering rules for geographic and IP-based restrictions

The correct answer is A — Homomorphic encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), homomorphic encryption allows computations to be performed directly on encrypted data without needing to decrypt it first. This ensures the confidentiality of the data even during processing.

SFE (B) allows two parties to jointly compute a function without revealing inputs but is not the same. SSL (C) secures communication channels. PIR (D) is for retrieving information privately, not computing on encrypted data.

Reference Extract from Study Guide:

"Homomorphic encryption allows operations on encrypted data, enabling secure processing by third parties without exposing underlying data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Advanced Encryption Techniques

=============================================

IPsecis anend-to-end encryption protocol suitethat operates at thenetwork layer, providingauthentication, integrity, and confidentialitybetween virtual networks—even across different cloud environments like Azure and AWS.

NIST SP 800-77 Rev. 1 (Guide to IPsec VPNs):

“IPsec provides network-layer protection through authentication headers (AH) and encapsulating security payloads (ESP), suitable for securing traffic across untrusted environments.”

FTP is insecure, and SSH is more suitable for command-line access or remote sessions—not secure VPC-to-VPC tunnels.

????WGU Course Alignment:

Domain:Cryptography

Topic:Use encryption protocols like IPsec for secure data transmission between networks

The correct answer is B — Implementing domain name system security extensions (DNSSEC) to digitally sign DNS responses and prevent DNS spoofing attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that DNSSEC protects the integrity and authenticity of DNS responses, thereby preventing DNS spoofing (also called DNS cache poisoning), which could redirect users to malicious sites.

Restricting DNS access (A) is not sufficient against spoofing. Increasing patching frequency (C) is good practice but does not specifically stop spoofing. Security awareness training (D) helps against phishing, not DNS vulnerabilities.

Reference Extract from Study Guide:

"DNSSEC digitally signs DNS data to ensure the integrity and authenticity of DNS responses, mitigating risks such as DNS spoofing and cache poisoning."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Networking Protocols

=============================================

The System Development Life Cycle (SDLC) is a process used for planning, creating, testing, and deploying an information system. It involves several stages, including requirements gathering, system design, implementation, testing, deployment, and maintenance. The SDLC ensures that the system meets the needs of users and is developed in a structuredand efficient manner.

The correct answer is D — Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, securing LDAP communication and strengthening authentication directly addresses vulnerabilities related to unauthorized access. Using encryption protocols such as LDAP over SSL (LDAPS) ensures that credentials and sensitive data are transmitted securely.

Security awareness training (A) helps against social engineering but does not secure the LDAP system itself. Backups (B) are a recovery measure, not a preventive one. IDPS (C) can detect attacks but does not directly secure the LDAP server against exploitation.

Reference Extract from Study Guide:

"Implementing strong authentication and encrypting communications for LDAP servers mitigates vulnerabilities by preventing unauthorized access and protecting sensitive information during transmission."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Services

An input device is any hardware component that allows a user to enter data into a computer.

A scanner is an input device that converts physical documents into digital format.

The other options:

Printer is an output device.

Flash drive is a storage device.

CD can be both storage and media for input/output depending on the context but is not primarily used for direct data input.

Therefore, a scanner is the correct answer for an input device.

The correct answer is B — Avoid.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials explain that risk avoidance involves eliminating the source of risk entirely. In this scenario, by decommissioning the vulnerable website and starting anew, the organization is removing the risky environment instead of trying to fix or transfer the risk, which is a clear example of risk avoidance.

Accepting (A) would mean tolerating the risk without action. Transferring (C) would involve shifting the risk to a third party (like insurance). Mitigating (D) would involve reducing the risk without removing the vulnerable system.

Reference Extract from Study Guide:

"Risk avoidance entails eliminating the conditions that expose the organization to a threat, thereby completely removing the associated risk."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies

AnIntrusion Prevention System (IPS)detects and blocks malicious activity in real time based on defined policies or behavior patterns. IPS tools can enforcerate limiting,connection attempts, and evenauto-blockingafter repeated failures.

NIST SP 800-94 Rev. 1:

“Intrusion prevention systems not only detect potential incidents but actively prevent attempts such as brute-force attacks on services like SSH.”

Firewalls may filter traffic, but only an IPSactively terminates or blocks behavior-based threats like repeated failed logins.

????WGU Course Alignment:

Domain:Network Security

Topic:Deploy and configure IPS for automated protection against brute-force attacks

The correct answer is B — Tabletop exercises.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a tabletop exercise as a controlled simulation where participants discuss their roles during a simulated disaster scenario. It allows the evaluation of the plan without causing real disruption to operations.

Walk-throughs (A) review plans but are less interactive. Checklists (C) are passive validation. Full interruption tests (D) would disrupt operations, which the company wants to avoid.

Reference Extract from Study Guide:

"Tabletop exercises allow teams to simulate disaster scenarios in a controlled, discussion-based format, helping validate plans without impacting real-world operations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Methods

=============================================